package cn.springcloud.fix.oauth2.autoconfigure.authserver;

import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;

@Getter
@Setter
@ConfigurationProperties(prefix = "security.oauth2.authorization")
public class AuthorizationServerProperties {

    /**
     * Spring Security access rule for the check token endpoint (e.g. a SpEL expression
     * like "isAuthenticated()") . Default is empty, which is interpreted as "denyAll()"
     * (no access).
     */
    private String checkTokenAccess;

    /**
     * Spring Security access rule for the token key endpoint (e.g. a SpEL expression like
     * "isAuthenticated()"). Default is empty, which is interpreted as "denyAll()" (no
     * access).
     */
    private String tokenKeyAccess;

    /**
     * Realm name for client authentication. If an unauthenticated request comes in to the
     * token endpoint, it will respond with a challenge including this name.
     */
    private String realm;

    /**
     * Jwt-specific configuration properties
     */
    private Jwt jwt = new Jwt();

    @Getter
    @Setter
    public class Jwt {

        /**
         * The signing key of the JWT token. Can either be a symmetric secret or
         * PEM-encoded RSA private key.
         */
        private String keyValue;

        /**
         * The location of the key store.
         */
        private String keyStore;

        /**
         * The key store's password
         */
        private String keyStorePassword;

        /**
         * The alias of the key from the key store
         */
        private String keyAlias;

        /**
         * The password of the key from the key store
         */
        private String keyPassword;
    }
}
